Because when you dial up to an ISP, you get a "real" iP address and there is no additional nat. When you are behind a firewall, it is usually using PAT (port address translation), not NAT. Since VPN's require specific ports, using PAT at the firewall breaks the VPN. There is a fairly new concept of "nat transparency" that will support VPN clients behind a nat firewall. Many of the SOHO routers support vpn "passthrough" which is basically the same, but most corporate firewalls do not have this feature.
It depends on the firewall/router at this location where you say it does not work. If it is a small Linksys, D-link or other SOHO router, it should have the capability to support IPSEC Passthrough. It just may not be enabled.

0

markfowkesAuthor Commented: 2003-03-06

What a star - jumped onto the firewall at the "non" working end, enabled IPsec passthrough - worked! :)

Also for anyone else reading this topic i actually had to enabled IPSEC Type '2 SPI' on the Symantec 200R.

Featured Post

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.